1 /* 2 * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program; if not, write to the Free Software Foundation, Inc., 51 17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 * 19 * Authors: Artem Bityutskiy (Битюцкий Артём) 20 * Adrian Hunter 21 */ 22 23 /* 24 * This file implements UBIFS extended attributes support. 25 * 26 * Extended attributes are implemented as regular inodes with attached data, 27 * which limits extended attribute size to UBIFS block size (4KiB). Names of 28 * extended attributes are described by extended attribute entries (xentries), 29 * which are almost identical to directory entries, but have different key type. 30 * 31 * In other words, the situation with extended attributes is very similar to 32 * directories. Indeed, any inode (but of course not xattr inodes) may have a 33 * number of associated xentries, just like directory inodes have associated 34 * directory entries. Extended attribute entries store the name of the extended 35 * attribute, the host inode number, and the extended attribute inode number. 36 * Similarly, direntries store the name, the parent and the target inode 37 * numbers. Thus, most of the common UBIFS mechanisms may be re-used for 38 * extended attributes. 39 * 40 * The number of extended attributes is not limited, but there is Linux 41 * limitation on the maximum possible size of the list of all extended 42 * attributes associated with an inode (%XATTR_LIST_MAX), so UBIFS makes sure 43 * the sum of all extended attribute names of the inode does not exceed that 44 * limit. 45 * 46 * Extended attributes are synchronous, which means they are written to the 47 * flash media synchronously and there is no write-back for extended attribute 48 * inodes. The extended attribute values are not stored in compressed form on 49 * the media. 50 * 51 * Since extended attributes are represented by regular inodes, they are cached 52 * in the VFS inode cache. The xentries are cached in the LNC cache (see 53 * tnc.c). 54 * 55 * ACL support is not implemented. 56 */ 57 58 #include "ubifs.h" 59 #include <linux/fs.h> 60 #include <linux/slab.h> 61 #include <linux/xattr.h> 62 #include <linux/posix_acl_xattr.h> 63 64 /* 65 * Limit the number of extended attributes per inode so that the total size 66 * (@xattr_size) is guaranteeded to fit in an 'unsigned int'. 67 */ 68 #define MAX_XATTRS_PER_INODE 65535 69 70 /* 71 * Extended attribute type constants. 72 * 73 * USER_XATTR: user extended attribute ("user.*") 74 * TRUSTED_XATTR: trusted extended attribute ("trusted.*) 75 * SECURITY_XATTR: security extended attribute ("security.*") 76 */ 77 enum { 78 USER_XATTR, 79 TRUSTED_XATTR, 80 SECURITY_XATTR, 81 }; 82 83 static const struct inode_operations empty_iops; 84 static const struct file_operations empty_fops; 85 86 /** 87 * create_xattr - create an extended attribute. 88 * @c: UBIFS file-system description object 89 * @host: host inode 90 * @nm: extended attribute name 91 * @value: extended attribute value 92 * @size: size of extended attribute value 93 * 94 * This is a helper function which creates an extended attribute of name @nm 95 * and value @value for inode @host. The host inode is also updated on flash 96 * because the ctime and extended attribute accounting data changes. This 97 * function returns zero in case of success and a negative error code in case 98 * of failure. 99 */ 100 static int create_xattr(struct ubifs_info *c, struct inode *host, 101 const struct qstr *nm, const void *value, int size) 102 { 103 int err; 104 struct inode *inode; 105 struct ubifs_inode *ui, *host_ui = ubifs_inode(host); 106 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, 107 .new_ino_d = ALIGN(size, 8), .dirtied_ino = 1, 108 .dirtied_ino_d = ALIGN(host_ui->data_len, 8) }; 109 110 if (host_ui->xattr_cnt >= MAX_XATTRS_PER_INODE) 111 return -ENOSPC; 112 /* 113 * Linux limits the maximum size of the extended attribute names list 114 * to %XATTR_LIST_MAX. This means we should not allow creating more 115 * extended attributes if the name list becomes larger. This limitation 116 * is artificial for UBIFS, though. 117 */ 118 if (host_ui->xattr_names + host_ui->xattr_cnt + 119 nm->len + 1 > XATTR_LIST_MAX) 120 return -ENOSPC; 121 122 err = ubifs_budget_space(c, &req); 123 if (err) 124 return err; 125 126 inode = ubifs_new_inode(c, host, S_IFREG | S_IRWXUGO); 127 if (IS_ERR(inode)) { 128 err = PTR_ERR(inode); 129 goto out_budg; 130 } 131 132 /* Re-define all operations to be "nothing" */ 133 inode->i_mapping->a_ops = &empty_aops; 134 inode->i_op = &empty_iops; 135 inode->i_fop = &empty_fops; 136 137 inode->i_flags |= S_SYNC | S_NOATIME | S_NOCMTIME | S_NOQUOTA; 138 ui = ubifs_inode(inode); 139 ui->xattr = 1; 140 ui->flags |= UBIFS_XATTR_FL; 141 ui->data = kmemdup(value, size, GFP_NOFS); 142 if (!ui->data) { 143 err = -ENOMEM; 144 goto out_free; 145 } 146 inode->i_size = ui->ui_size = size; 147 ui->data_len = size; 148 149 mutex_lock(&host_ui->ui_mutex); 150 host->i_ctime = ubifs_current_time(host); 151 host_ui->xattr_cnt += 1; 152 host_ui->xattr_size += CALC_DENT_SIZE(nm->len); 153 host_ui->xattr_size += CALC_XATTR_BYTES(size); 154 host_ui->xattr_names += nm->len; 155 156 err = ubifs_jnl_update(c, host, nm, inode, 0, 1); 157 if (err) 158 goto out_cancel; 159 mutex_unlock(&host_ui->ui_mutex); 160 161 ubifs_release_budget(c, &req); 162 insert_inode_hash(inode); 163 iput(inode); 164 return 0; 165 166 out_cancel: 167 host_ui->xattr_cnt -= 1; 168 host_ui->xattr_size -= CALC_DENT_SIZE(nm->len); 169 host_ui->xattr_size -= CALC_XATTR_BYTES(size); 170 mutex_unlock(&host_ui->ui_mutex); 171 out_free: 172 make_bad_inode(inode); 173 iput(inode); 174 out_budg: 175 ubifs_release_budget(c, &req); 176 return err; 177 } 178 179 /** 180 * change_xattr - change an extended attribute. 181 * @c: UBIFS file-system description object 182 * @host: host inode 183 * @inode: extended attribute inode 184 * @value: extended attribute value 185 * @size: size of extended attribute value 186 * 187 * This helper function changes the value of extended attribute @inode with new 188 * data from @value. Returns zero in case of success and a negative error code 189 * in case of failure. 190 */ 191 static int change_xattr(struct ubifs_info *c, struct inode *host, 192 struct inode *inode, const void *value, int size) 193 { 194 int err; 195 struct ubifs_inode *host_ui = ubifs_inode(host); 196 struct ubifs_inode *ui = ubifs_inode(inode); 197 struct ubifs_budget_req req = { .dirtied_ino = 2, 198 .dirtied_ino_d = ALIGN(size, 8) + ALIGN(host_ui->data_len, 8) }; 199 200 ubifs_assert(ui->data_len == inode->i_size); 201 err = ubifs_budget_space(c, &req); 202 if (err) 203 return err; 204 205 kfree(ui->data); 206 ui->data = kmemdup(value, size, GFP_NOFS); 207 if (!ui->data) { 208 err = -ENOMEM; 209 goto out_free; 210 } 211 inode->i_size = ui->ui_size = size; 212 ui->data_len = size; 213 214 mutex_lock(&host_ui->ui_mutex); 215 host->i_ctime = ubifs_current_time(host); 216 host_ui->xattr_size -= CALC_XATTR_BYTES(ui->data_len); 217 host_ui->xattr_size += CALC_XATTR_BYTES(size); 218 219 /* 220 * It is important to write the host inode after the xattr inode 221 * because if the host inode gets synchronized (via 'fsync()'), then 222 * the extended attribute inode gets synchronized, because it goes 223 * before the host inode in the write-buffer. 224 */ 225 err = ubifs_jnl_change_xattr(c, inode, host); 226 if (err) 227 goto out_cancel; 228 mutex_unlock(&host_ui->ui_mutex); 229 230 ubifs_release_budget(c, &req); 231 return 0; 232 233 out_cancel: 234 host_ui->xattr_size -= CALC_XATTR_BYTES(size); 235 host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len); 236 mutex_unlock(&host_ui->ui_mutex); 237 make_bad_inode(inode); 238 out_free: 239 ubifs_release_budget(c, &req); 240 return err; 241 } 242 243 /** 244 * check_namespace - check extended attribute name-space. 245 * @nm: extended attribute name 246 * 247 * This function makes sure the extended attribute name belongs to one of the 248 * supported extended attribute name-spaces. Returns name-space index in case 249 * of success and a negative error code in case of failure. 250 */ 251 static int check_namespace(const struct qstr *nm) 252 { 253 int type; 254 255 if (nm->len > UBIFS_MAX_NLEN) 256 return -ENAMETOOLONG; 257 258 if (!strncmp(nm->name, XATTR_TRUSTED_PREFIX, 259 XATTR_TRUSTED_PREFIX_LEN)) { 260 if (nm->name[sizeof(XATTR_TRUSTED_PREFIX) - 1] == '\0') 261 return -EINVAL; 262 type = TRUSTED_XATTR; 263 } else if (!strncmp(nm->name, XATTR_USER_PREFIX, 264 XATTR_USER_PREFIX_LEN)) { 265 if (nm->name[XATTR_USER_PREFIX_LEN] == '\0') 266 return -EINVAL; 267 type = USER_XATTR; 268 } else if (!strncmp(nm->name, XATTR_SECURITY_PREFIX, 269 XATTR_SECURITY_PREFIX_LEN)) { 270 if (nm->name[sizeof(XATTR_SECURITY_PREFIX) - 1] == '\0') 271 return -EINVAL; 272 type = SECURITY_XATTR; 273 } else 274 return -EOPNOTSUPP; 275 276 return type; 277 } 278 279 static struct inode *iget_xattr(struct ubifs_info *c, ino_t inum) 280 { 281 struct inode *inode; 282 283 inode = ubifs_iget(c->vfs_sb, inum); 284 if (IS_ERR(inode)) { 285 ubifs_err("dead extended attribute entry, error %d", 286 (int)PTR_ERR(inode)); 287 return inode; 288 } 289 if (ubifs_inode(inode)->xattr) 290 return inode; 291 ubifs_err("corrupt extended attribute entry"); 292 iput(inode); 293 return ERR_PTR(-EINVAL); 294 } 295 296 int ubifs_setxattr(struct dentry *dentry, const char *name, 297 const void *value, size_t size, int flags) 298 { 299 struct inode *inode, *host = dentry->d_inode; 300 struct ubifs_info *c = host->i_sb->s_fs_info; 301 struct qstr nm = QSTR_INIT(name, strlen(name)); 302 struct ubifs_dent_node *xent; 303 union ubifs_key key; 304 int err, type; 305 306 dbg_gen("xattr '%s', host ino %lu ('%pd'), size %zd", name, 307 host->i_ino, dentry, size); 308 ubifs_assert(mutex_is_locked(&host->i_mutex)); 309 310 if (size > UBIFS_MAX_INO_DATA) 311 return -ERANGE; 312 313 type = check_namespace(&nm); 314 if (type < 0) 315 return type; 316 317 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 318 if (!xent) 319 return -ENOMEM; 320 321 /* 322 * The extended attribute entries are stored in LNC, so multiple 323 * look-ups do not involve reading the flash. 324 */ 325 xent_key_init(c, &key, host->i_ino, &nm); 326 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 327 if (err) { 328 if (err != -ENOENT) 329 goto out_free; 330 331 if (flags & XATTR_REPLACE) 332 /* We are asked not to create the xattr */ 333 err = -ENODATA; 334 else 335 err = create_xattr(c, host, &nm, value, size); 336 goto out_free; 337 } 338 339 if (flags & XATTR_CREATE) { 340 /* We are asked not to replace the xattr */ 341 err = -EEXIST; 342 goto out_free; 343 } 344 345 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 346 if (IS_ERR(inode)) { 347 err = PTR_ERR(inode); 348 goto out_free; 349 } 350 351 err = change_xattr(c, host, inode, value, size); 352 iput(inode); 353 354 out_free: 355 kfree(xent); 356 return err; 357 } 358 359 ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf, 360 size_t size) 361 { 362 struct inode *inode, *host = dentry->d_inode; 363 struct ubifs_info *c = host->i_sb->s_fs_info; 364 struct qstr nm = QSTR_INIT(name, strlen(name)); 365 struct ubifs_inode *ui; 366 struct ubifs_dent_node *xent; 367 union ubifs_key key; 368 int err; 369 370 dbg_gen("xattr '%s', ino %lu ('%pd'), buf size %zd", name, 371 host->i_ino, dentry, size); 372 373 err = check_namespace(&nm); 374 if (err < 0) 375 return err; 376 377 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 378 if (!xent) 379 return -ENOMEM; 380 381 xent_key_init(c, &key, host->i_ino, &nm); 382 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 383 if (err) { 384 if (err == -ENOENT) 385 err = -ENODATA; 386 goto out_unlock; 387 } 388 389 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 390 if (IS_ERR(inode)) { 391 err = PTR_ERR(inode); 392 goto out_unlock; 393 } 394 395 ui = ubifs_inode(inode); 396 ubifs_assert(inode->i_size == ui->data_len); 397 ubifs_assert(ubifs_inode(host)->xattr_size > ui->data_len); 398 399 if (buf) { 400 /* If @buf is %NULL we are supposed to return the length */ 401 if (ui->data_len > size) { 402 ubifs_err("buffer size %zd, xattr len %d", 403 size, ui->data_len); 404 err = -ERANGE; 405 goto out_iput; 406 } 407 408 memcpy(buf, ui->data, ui->data_len); 409 } 410 err = ui->data_len; 411 412 out_iput: 413 iput(inode); 414 out_unlock: 415 kfree(xent); 416 return err; 417 } 418 419 ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size) 420 { 421 union ubifs_key key; 422 struct inode *host = dentry->d_inode; 423 struct ubifs_info *c = host->i_sb->s_fs_info; 424 struct ubifs_inode *host_ui = ubifs_inode(host); 425 struct ubifs_dent_node *xent, *pxent = NULL; 426 int err, len, written = 0; 427 struct qstr nm = { .name = NULL }; 428 429 dbg_gen("ino %lu ('%pd'), buffer size %zd", host->i_ino, 430 dentry, size); 431 432 len = host_ui->xattr_names + host_ui->xattr_cnt; 433 if (!buffer) 434 /* 435 * We should return the minimum buffer size which will fit a 436 * null-terminated list of all the extended attribute names. 437 */ 438 return len; 439 440 if (len > size) 441 return -ERANGE; 442 443 lowest_xent_key(c, &key, host->i_ino); 444 while (1) { 445 int type; 446 447 xent = ubifs_tnc_next_ent(c, &key, &nm); 448 if (IS_ERR(xent)) { 449 err = PTR_ERR(xent); 450 break; 451 } 452 453 nm.name = xent->name; 454 nm.len = le16_to_cpu(xent->nlen); 455 456 type = check_namespace(&nm); 457 if (unlikely(type < 0)) { 458 err = type; 459 break; 460 } 461 462 /* Show trusted namespace only for "power" users */ 463 if (type != TRUSTED_XATTR || capable(CAP_SYS_ADMIN)) { 464 memcpy(buffer + written, nm.name, nm.len + 1); 465 written += nm.len + 1; 466 } 467 468 kfree(pxent); 469 pxent = xent; 470 key_read(c, &xent->key, &key); 471 } 472 473 kfree(pxent); 474 if (err != -ENOENT) { 475 ubifs_err("cannot find next direntry, error %d", err); 476 return err; 477 } 478 479 ubifs_assert(written <= size); 480 return written; 481 } 482 483 static int remove_xattr(struct ubifs_info *c, struct inode *host, 484 struct inode *inode, const struct qstr *nm) 485 { 486 int err; 487 struct ubifs_inode *host_ui = ubifs_inode(host); 488 struct ubifs_inode *ui = ubifs_inode(inode); 489 struct ubifs_budget_req req = { .dirtied_ino = 2, .mod_dent = 1, 490 .dirtied_ino_d = ALIGN(host_ui->data_len, 8) }; 491 492 ubifs_assert(ui->data_len == inode->i_size); 493 494 err = ubifs_budget_space(c, &req); 495 if (err) 496 return err; 497 498 mutex_lock(&host_ui->ui_mutex); 499 host->i_ctime = ubifs_current_time(host); 500 host_ui->xattr_cnt -= 1; 501 host_ui->xattr_size -= CALC_DENT_SIZE(nm->len); 502 host_ui->xattr_size -= CALC_XATTR_BYTES(ui->data_len); 503 host_ui->xattr_names -= nm->len; 504 505 err = ubifs_jnl_delete_xattr(c, host, inode, nm); 506 if (err) 507 goto out_cancel; 508 mutex_unlock(&host_ui->ui_mutex); 509 510 ubifs_release_budget(c, &req); 511 return 0; 512 513 out_cancel: 514 host_ui->xattr_cnt += 1; 515 host_ui->xattr_size += CALC_DENT_SIZE(nm->len); 516 host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len); 517 mutex_unlock(&host_ui->ui_mutex); 518 ubifs_release_budget(c, &req); 519 make_bad_inode(inode); 520 return err; 521 } 522 523 int ubifs_removexattr(struct dentry *dentry, const char *name) 524 { 525 struct inode *inode, *host = dentry->d_inode; 526 struct ubifs_info *c = host->i_sb->s_fs_info; 527 struct qstr nm = QSTR_INIT(name, strlen(name)); 528 struct ubifs_dent_node *xent; 529 union ubifs_key key; 530 int err; 531 532 dbg_gen("xattr '%s', ino %lu ('%pd')", name, 533 host->i_ino, dentry); 534 ubifs_assert(mutex_is_locked(&host->i_mutex)); 535 536 err = check_namespace(&nm); 537 if (err < 0) 538 return err; 539 540 xent = kmalloc(UBIFS_MAX_XENT_NODE_SZ, GFP_NOFS); 541 if (!xent) 542 return -ENOMEM; 543 544 xent_key_init(c, &key, host->i_ino, &nm); 545 err = ubifs_tnc_lookup_nm(c, &key, xent, &nm); 546 if (err) { 547 if (err == -ENOENT) 548 err = -ENODATA; 549 goto out_free; 550 } 551 552 inode = iget_xattr(c, le64_to_cpu(xent->inum)); 553 if (IS_ERR(inode)) { 554 err = PTR_ERR(inode); 555 goto out_free; 556 } 557 558 ubifs_assert(inode->i_nlink == 1); 559 clear_nlink(inode); 560 err = remove_xattr(c, host, inode, &nm); 561 if (err) 562 set_nlink(inode, 1); 563 564 /* If @i_nlink is 0, 'iput()' will delete the inode */ 565 iput(inode); 566 567 out_free: 568 kfree(xent); 569 return err; 570 } 571